Saturday, March 15, 2014

What is Ethanalyzer and how is it used on the Nexus platform?

What are the steps in configuring Ethanalyzer, what are some examples of its implementation, and how is Ethanalyzer used together with the ACL "log" option to sniff data plane traffic?

Ethanalyzer is a Cisco NX-OS protocol analyzer tool based on the Wireshark (formerly Ethereal) open source code. Ethanalyzer is a command-line version of Wireshark that captures and decodes packets. You can use Ethanalyzer to troubleshoot your network and analyze the control-plane traffic.

Configuration:

To configure Ethanalyzer, use the following commands:

| Command | Purpose |
| --- | --- |
| ethanalyzer local interface | Captures packets sent or received by the supervisor and provides detailed protocol information. |
| ethanalyzer local interface inband | Captures packets sent or received by the supervisor and provides detailed protocol information in the inband and outband interfaces. |
| ethanalyzer local interface mgmt | Captures packets sent or received by the supervisor and provides detailed protocol information in the management interfaces. |
| ethanalyzer local interface {inband \| mgmt} brief | Captures packets sent or received by the supervisor and provides a summary of protocol information. |
| ethanalyzer local interface {inband \| mgmt} limit-captured-frames | Limits the number of frames to capture. |
| ethanalyzer local interface {inband \| mgmt} limit-frame-size | Limits the length of the frame to capture. |
| ethanalyzer local interface {inband \| mgmt} capture-filter | Filters the types of packets to capture. |
| ethanalyzer local interface {inband \| mgmt} display-filter | Filters the types of captured packets to display. |
| ethanalyzer local interface {inband \| mgmt} decode-internal | Decodes the internal frame header for Cisco NX-OS. Note: Do not use this option if you plan to analyze the data using Wireshark instead of Ethanalyzer. |
| ethanalyzer local interface {inband \| mgmt} write | Saves the captured data to a file. |
| ethanalyzer local read | Opens the captured data file and analyzes it. |

Ethanalyzer does not capture data traffic that Cisco NX-OS forwards in hardware, but you can use ACLs with the log option as a workaround (see the corresponding section below).

ACLs and Ethanalyzer for Data Plane Sampling:

Ethanalyzer captures only traffic that reaches the CPU, so it seems unsuitable for data plane traffic analysis. However, this limitation can be worked around by using ACL logging to sample specific packets from the data plane.

When an ACL uses the "log" keyword, each access control entry (ACE) carrying that keyword causes the system to punt a copy of matching packets to the supervisor CPU. The key point is that the original traffic is still forwarded or dropped in hardware with no performance penalty. Note that the punted copies are subject to a hardware rate limiter: the forwarding engine hardware enforces the rate to avoid saturating the inband interface and CPU.
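The workaround described above, written out as an NX-OS session. This is an added example, not part of the original post or taken from Cisco documentation; the ACL name, the addresses (documentation ranges), the interface (assumed to be a routed port) and the capture file name are all constructed.

```cisco
! Constructed example: ACL name, subnets, interface and file name are assumptions.
configure terminal
ip access-list SAMPLE-HTTP
  ! "log" makes the hardware punt a copy of each matching packet to the supervisor CPU
  10 permit tcp 192.0.2.0/24 198.51.100.0/24 eq 80 log
  ! all other traffic is permitted without logging, so nothing else is punted or dropped
  20 permit ip any any
interface ethernet 1/1
  ! assumes a Layer 3 (routed) port
  ip access-group SAMPLE-HTTP in
end

! Capture the punted copies on the inband interface, stop after 50 frames,
! and save them to a file. The hardware rate limiter means this is a sample
! of the matching flow, not a complete capture.
ethanalyzer local interface inband capture-filter "tcp port 80" limit-captured-frames 50 write bootflash:sample-http.pcap

! Decode the saved capture on the switch
ethanalyzer local read bootflash:sample-http.pcap

! Remove the ACL from the interface once the sampling is finished
configure terminal
interface ethernet 1/1
  no ip access-group SAMPLE-HTTP in
end
```

Keeping the logged entry as narrow as possible and ending the ACL with an explicit permit leaves production forwarding unchanged while the sample is taken.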

Citation - This blog post does not reflect original content from the author. Rather, it summarizes content that is relevant to the topic from different sources on the web. The sources might include online discussion boards, forums, websites and others.